Faronics Deploy Docs
Deploy HomeDeploy Sign inSubmit a ticket
  • About Faronics Deploy
  • Highlights
    • Top 10 Trending Topics
    • What's New?
  • Getting Started
    • Quick Start Guide
      • System Requirements
      • Initial Setup and Configuration
        • Sign Up - Create a Faronics Deploy Account
        • Download and Install Deploy Agents
          • Windows Install Guide
            • Download MSI Installer to Deploy via Active Directory
          • Mac Install Guide
        • Login to Deploy for the First Time
        • Configure User Profile and Organization Settings
          • How to Configure your User Profile
          • How to Configure your Organization Settings
        • Add Administrators - Invite your Team and Assign Roles
        • Manage Tags
          • Apply a Tag
    • Navigating the User Interface
      • Deploy User Interface Views
        • Control Grid
          • Dashboard View
          • Applications View
          • Windows Updates View
          • OS Deployment View
          • Anti-Virus View
          • Inventory View
          • Policies View
        • Analytics
          • Applications View
          • Usage Reports View
          • Windows Updates Status View
          • Anti-Virus Reports View
          • Deploy Diagnostics View
        • Tickets View
        • Tasks View
      • Using the Control/Smart Grids
      • Using the Action Toolbar
      • Computer States and Actions
        • Handling Offline Computers
        • Wake-On-LAN
          • Designate Last Man Standing (LMS) computers
      • Light Mode/Dark Mode View
  • Feature Definitions and Glossary
  • Action Toolbar
  • App Preset
  • Custom App
  • Policies (Windows)
  • Policies (macOS)
  • Policy Update Mode
  • Application Management
    • Applications Overview
    • Navigating the Applications Control Grid
    • Cache Server: Save Bandwidth
    • Groups Configuration
      • Create a Group
      • Delete a Group
      • Add Computer(s) to a Group
        • Assign a Computer to a Group via the Deploy Agent Download and Install
        • Assign Computers to a Group After they Appear in the Dashboard
        • Group Computers Using a Naming Convention
        • Group Computers Based on Criteria in Inventory
      • Perform Actions on a Group of Computers
        • Perform Actions via the Action Toolbar on a Group of Computers
    • Install, Uninstall & Update Applications
      • Install Application(s)
        • Install Built-In Application(s)
        • Install an Application on All Computers in Deploy
        • Install an Application Using Winget
          • Enable and Install Winget
          • Install an Application Using the Winget Tool
        • Install an External Application (Custom App)
          • Create and Install a Custom App
            • Hosting a Custom App - URL or Network Path
          • Edit a Custom App
          • Copy a Custom App
          • Request Assistance From a Deployment Specialist
          • Example: Installing MS Office 365 as a Custom App
        • Install a Pre-Defined Group of Applications (App Presets)
          • Create an App Preset
          • Install an App Preset
          • Manage App Presets
        • Install an Application on a Group of Computers
        • Schedule an Install of Application(s)
          • Schedule an Install of an Application
          • Schedule an Install of Multiple Applications
      • Uninstall Application(s)
        • Uninstall an Application From a Group of Computers
        • Uninstall an Application From all Computers
        • Schedule an Uninstall
      • Update Application(s)
        • Performing Updates On-Demand
        • Update via Apps with Recent Updates Grid
        • Update Applications Using Policy Modes
    • Application Management for macOS
      • Install Application on macOS
        • Install Built-In Application(s) on macOS
        • Install a Custom App (External) on macOS
          • Create and Install a Custom App on macOS
      • Update an Application on macOS
      • Uninstall Application on macOS
      • Shell Scripts on macOS
  • WINDOWS UPDATES
    • Navigating the Windows Updates Control Grid
  • Manual Windows Updates Approval
    • Manually Approve All Windows Updates for All Computers (Install All Updates)
    • Manually Install Windows Updates on a Group of Computers
    • Manually Approve a Windows Update Category (in a Policy) for all Computers
    • Manually Approve an Individual Windows Update in a Policy for All Computers
    • Manually Approve or Deny Individual Windows Updates via Pending Windows Updates
    • Patch Scan (On-Demand)
  • Automated Windows Updates Approval
    • Automated Windows Updates Using Policies
    • Automated Windows Updates Use Case: Testing Patches
    • Patch Scan (Using a Policy)
  • OS DEPLOYMENT
    • Navigating the OS Deployment Control Grid
    • Imaging Utility Requirements
    • Getting Images Ready for Deployment
      • Loading Images from ISO Files
        • Download and Install the Faronics Deploy Imaging Server Tool
        • Loading ISO Image Files via the Faronics Deploy Imaging Tool
      • Building Images for Deployment - Template Machine
    • Capturing Images
    • Deployment Packages
      • Deployment Package Install Settings
    • Post Imaging Actions
    • USB Media Creator
      • Generate a Portable USB Creator (Used to Create a Recovery USB Drive)
      • Create a Recovery USB Flash Drive from a Portable USB Creator
    • Inject Drivers into the boot.wim File
    • Abort the Sysprep Task
  • OS MANAGEMENT
  • OS Management Overview
  • Create a Configuration
    • System and Security
    • Network and Internet
    • Hardware
    • User Accounts
    • Appearance and Personalization
    • Clock and Region
    • Ease of Access
    • Others
  • Apply a Configuration to a Group of Computers
  • Custom Scripts - PowerShell, VB, Batch, Executable [.exe]
    • Custom Scripts Library
      • Quick Guide to Self-Hosting Custom Scripts
      • Send Message
      • Rename Multiple Computers
      • Show All Notification Icons
      • Hide Task View
      • Hide Recent Apps
      • Hide People Taskbar
      • Disable Cortana
      • Google Chrome Ad Blocker Extension
        • Create a Custom Script to Install any Google Chrome Extension
      • Uninstall Windows Updates
      • Auto Logon
      • Disable the UltraVNC System Tray Icon
      • Install Printer Driver Silently
  • Policies - Scheduling and Automation
    • Update modes - Automatic, Scheduled, Adhoc
    • Create a Policy
      • Create a Windows Policy
      • Create a macOS Policy
      • Create a New Policy (MDM)
        • Global Settings (MDM)
    • Maintenance Mode
    • End-User Experience: Defer Updates and Reboots
    • Protecting the Deploy Agent
  • ANTI-VIRUS & FIREWALL
    • Faronics Anti Virus & Firewall Protection Configuration
      • Anti-Virus Settings
      • Firewall Settings
      • Computer Settings
  • Upgrade Anti-Virus Software
  • Restore or Delete Quarantined Files
  • INVENTORY
    • Inventory
      • View Details
    • Organize Computers Using Inventory Data
    • Retrieve MSInfo Reports Using the Deploy Console
    • Inventory Data Update - Heartbeat + On-Demand
    • Quickly View Installed Applications
    • Organize Inventory by Active Directory Group Membership / Organization User Membership
  • ANALYTICS
    • Usage Statistics Reports
      • Application Usage Report
      • Application Update Status Report
      • Installed Applications Report
      • Computer Usage Report
      • Login Summary Report
      • Windows Update Status Report
  • REMOTE ACCESS - RDP / VNC
    • Remote Access Requirements - Ports and Networking
    • Remote Pro
    • VNC - Initial Setup
    • Using VNC - Virtual Network Computing
    • Using RDP - Remote Desktop Protocol
    • Remote View the Screen of a Computer (Configure Refresh Rate & Monitor Selection)
  • TASKS
    • Task History
    • Scheduled Tasks
      • Assign a Scheduled Task
      • Delete a Recurring Scheduled Task
      • Cancel a One Time or Recurring Scheduled Task
    • Schedule a One Time Task
    • Schedule a Recurring Task
    • Schedule a Custom Script to Run on Every Reboot
  • Help Desk Tickets
    • Enabling Ticketing
      • Enable Ticketing for Your Organization
        • Enable Email Alerts for Incoming Tickets
      • Enable Ticketing for a User
      • Ticketing Emails
    • Ticket Actions
      • Create a Ticket
      • Edit a Ticket
      • Add a Note to a Ticket
      • Assign Ticket (To a User)
      • Assign Owner (To a Ticket)
      • Change Status of a Ticket (Open, In Progress, Closed)
      • Download a File Attached to a Ticket
      • View a Ticket
      • View History
      • Export a Report of All Tickets to a CSV File
      • Remote Access a Computer via a Ticket
    • Ticketing - Mapping Email IDs
    • Fair Use Policy - Ticketing
  • User Management
    • User Roles
    • Add Users
      • Add a User via Email
      • Add a User/Group via Active Directory
    • Configure SAML (Verify Users for External Applications)
  • Organization Settings
    • 2FA - Two Factor Authentication
    • Accessibility
  • Mobile Device Management
    • Overview
    • Device Configuration
      • MDM Set up
      • Enroll Standard Device
        • Mobile Browser
        • iOS App
        • Apple Configurator
        • Email
      • Enroll Lite Device
    • Apple Devices
    • Apple Lite Devices
    • Apps & Docs
      • Applications
      • Shared Documents
    • Settings
      • Networks
      • Personalization
      • Accounts
    • Device Actions
    • Action Toolbar
Powered by GitBook
On this page
  • Configuration
  • Restrictions
  • Passcode
  • Kiosk Mode
  • Geofencing
  • Web Filtering
  • Applications
  1. Policies - Scheduling and Automation
  2. Create a Policy

Create a New Policy (MDM)

PreviousCreate a macOS PolicyNextGlobal Settings (MDM)

Last updated 10 months ago

Configuration

  • Assign the Policy Name and specify the settings for All Device Type and Supervised Device Only.

  • Wireless Network – Click Add Wireless Network and select from the list, then click OK. If there are no pre-defined wireless networks, click Add to create a new wireless network. Refer to .

  • Web Clips – Click Add Web Clips and select from the list, then click OK. If there are no pre-defined web clips, click Add to add web clips. Refer to .

  • Email Settings – Click Add Email Settings and select from the list, then click OK. If there are no pre-defined emails, click Add to add emails. Refer to .

  • Certificates – Click Add Certificates and select from the list, then click OK. If there are no pre-defined certificates, click Add to add certificates. Refer to .

  • Global HTTP Proxy – Select a proxy from drop-down list or Click Add Global HTTP Proxy and select from the list, then click OK. If there are no pre-defined proxies, click Add to add a proxy. Refer to .

  • Wallpapers – Select a wallpaper from drop-down list or Click Add Wallpaper and select from the list, then click OK. If there are no pre-defined wallpapers, click Add to add a wallpaper. Refer to .

  • Lock screen message – Specify the message to be displayed at the bottom of the lock screen up to a maximum of 36 characters.

Restrictions

Click Add to select restrictions from the category of restrictions and then click Save.

After restrictions have been selected, enable or disable the restrictions, or set up specific parameters through the Parameters column.

See to view the complete list of restrictions.

Passcode

  • Require a Passcode – Enable this option to enforce a passcode requirement on devices in the group.

  • Require alphanumeric value – Enable this option to require passcodes to contain at least one letter and one number.

  • Allow simple value – Enable this option to allow passcodes that include repeating, ascending, or descending character sequences (for example, ’3333’ or ’DEFG’).

  • Minimum length – Specify the minimum number of characters (between 4 to 16 characters) a passcode must contain.

  • Maximum Failed Unlock Attempts – Specify the number of failed login attempts (up to maximum of 50) before a device is wiped clean.

  • Auto-lock Time Limit – Specify how long the device can remain idle before locking itself.

  • Minimum Complex Characters – Specify the number of non-alphanumeric characters (symbols or punctuation marks such as $ and !) that the passcode must contain. Passcodes cannot have more than 4 complex characters.

  • Passcode Expiry Duration (in days) – Specify the maximum number of days (up to maximum of 365 days) the passcode may be used before the passcode must be changed.

  • Grace Period before Device Lock – Specify how soon the device can be unlocked again after use, without prompting again for the passcode.

  • Passcode History – Specify the number of new passcodes that must be used (up to maximum of 50) before an old password can be reused.

Kiosk Mode

Kiosk Mode enables IT admins to lock devices to run a single app or just a specific set of pre-approved apps. Once Kiosk Mode is enabled on the device, users will have access only to the specific app or set of apps, device settings, and functionalities allowed by the admin, with the rest restricted.

  • Enable Kiosk Mode (Single App Mode) – When enabled, this option restricts iOS device functionality to run a single application. Only for supervised devices.

  • Select app to run in Single App Mode – Select an app to run from the pre-defined list or, if you want to run an app in kiosk mode that is not found in the pre-defined list, select Specify Bundle Identifier and provide the Bundle ID in the field provided. Note that Bundle IDs are case sensitive. When selecting a single app, the selected app will be automatically installed on devices added to the group (if it is not already installed).

  • Always Enabled – Select which features should be always enabled (if any). Enabled features will be always be active/available and cannot be disabled.

    • Touch – Allows devices to respond to input from the touchscreen.

    • Motion (Screen Rotation) – Allows screen orientation to rotate according to the device orientation.

    • Volume Buttons – Allows devices to respond to input from the volume buttons.

    • Side Switch – Allows devices to respond to input from the side switch (only for certain models).

    • Sleep/Wake Buttons – Allows devices to respond to sleep/wake commands generated by pressing the power button.

    • Auto-Lock – Enables the device to automatically lock after a defined period of inactivity.

    • Voice Over – Enables Voice Over mode, where the device automatically reads text on the screen out loud.

    • Zoom – Enables zoom mode so users can touch to zoom in on the screen. Devices added to the group will adopt the current value of this option, but toggling the option has no effect on devices that are already members of the group.

    • Invert Colors – Enables the option to invert the display colors so users with visual impairments can change the display screen. Devices added to the group will adopt the current value of this option, but toggling the option has no effect on devices that are already members of the group.

    • Assistive Touch – Enables the Assistive Touch feature, which allows users to replace certain touchscreen actions (such as pinching or double-tapping) with a single touch. Devices added to the group will adopt the current value of this option, but toggling the option has no effect on devices that are already members of the group.

    • Speak Selection – Allows the Speak Selection accessibility settings on devices. This feature reads text out loud that users select. Devices added to the group will adopt the current value of this option, but toggling the option has no effect on devices that are already members of the group.

    • Mono Audio – Restricts audio output to mono audio.

  • Accessibility Shortcut – Select which accessibility shortcuts (if any) should be available when using the kiosk devices. If a shortcut is enabled, users will be able to turn the associated accessibility feature on and off according to their needs.

    • Voice Over – Enable this option to permit users to toggle Voice Over mode.

    • Zoom – Enable this option to permit users to toggle Zoom mode.

    • Invert Colors – Enable this option to permit users to invert display colors.

    • Assistive Touch – Enable this option to permit users to toggle Assistive Touch mode.

Geofencing

Geofencing enables IT admins to restrict the usage of devices to certain regions by creating geofences, or virtual fences, based on real-world geographical region. This feature allows admins to set up alerts, automatic actions, and tailor policies based on device movement and specified tags.

  • Track device location – Select this option to track the most recently reported location. This requires Faronics MDM App to be installed on the device and track device function enabled on the device.

  • Create locations by typing an address in the Search Address field and setting a radius around the location, then click Add.

  • Set a Fence Priority. The order of priority is listed in descending order. The higher the fence is in the list, the more priority it is given. In the event of any conflict resulting from overlapping geofences, the policy listed higher in the list will take priority. Policies with Policy Switching labels indicate policies that contain criteria for Switch Policy on Entry/Exit.

  • Time Delay – Specify the amount of time a device must spend outside of a geofenced area (up to a maximum of 180 minutes) before an action is triggered.

  • Email Alerts – Select to send an alert when Device Enters Fence or/and when Device Exits Fence.

  • Lock device when it exits fence – When enabled, this action will lock the device after exiting the fence after the time delay expires.

  • Full wipe device when it exits – When enabled, this action will wipe the device after exiting the fence after the time delay expires. Note that this action will delete all data from the device. Make sure that the geofence is correctly configured to avoid accidental data loss.

  • Switch Policy on entry/exit – Enable this option and configure the following options to be applied to the device upon entry to or exit from the fence:

    • Apply this policy (Name of Policy) on geofence entry if device matches any tags – Enter a tag to apply.

    • Assign this policy when device exits the fence – Select a policy from the list to be applied to the device, if the device has any of the following tags specified.

    • Assign this policy when device exits the Fence – Select a policy from the list to be applied to the device, if the device has none of the above tags.

When the Switch Policy on Entry/Exit is enabled, these actions take precedence and will be applied on the device when the device exits the fence, even if the Lock Device when it Exits Fence and/or Full Wipe Device when it Exits are selected.

Web Filtering

  • Enable Web Filtering – Enable this option and select to allow or block websites. Specify the list of websites separated by a comma in the field provided.

Applications

  • Select an app and assign whether to automatically update or manually update the app.

After policies have been created, you can assign them to enrolled devices.

Apple Restrictions
Wi-Fi Networks
Global HTTP Proxy
Web Clip
Wallpapers
Email Settings
Certificates